DNSSEC will place an additional burden on the network and, in particular, the infrastructure based DNS servers.
The rationale to have the root key defined here but not used is that will use some of the existing DNS infrastructure (via use of RFC5011) and allow server operators to gauge load. I would recommend that Ubuntu 11.10 ships with DNSSEC available (i.e. root key but disabled) and Ubuntu 12.04 ships with DNSSEC enabled (i.e. root key and enabled by default), so that server operators are not overwhelmed. ** Patch added: "0005-Add-in-the-current-root-.-DNSSEC-key.patch" https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/782614/+attachment/2257836/+files/0005-Add-in-the-current-root-.-DNSSEC-key.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/782614 Title: make configuring DNSSEC validation easier To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/782614/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs